GDPR: What You Need to Know

You have probably noticed a recent influx of emails sharing things like “updates to our privacy policy” and “we care about your personal information." Or maybe you remember a certain social media giant testifying before Congress back in April on their management of user data. Aside from learning that we all maybe subscribe to too many newsletters or retail mailing lists, we are becoming very familiar with a new acronym: GDPR. As your marketing and business partner, we wanted to share some brief information describing what GDPR is and how it may affect you or your business.

Oh, and while we're talking about it, here’s a link to our privacy policy too.

What Is GDPR?

GDPR stands for General Data Protection Regulation, which is a legal framework that regulates the way businesses process and manage personal data.  The actual text of the GDPR consists of 11 chapters and 99 pages of information. Citizen rights, organizational obligations, provisions, definitions, and fines are all outlined in the GDPR.

Who Does It Affect?

The GDPR applies to organizations inside the EU and organizations located outside of the EU that offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. So if any European citizen’s data is touched at your company, even if it’s located in the U.S., you need to be compliant with the GDPR.

What Is Considered Personal Data? 

Things like name, address, location, phone number, health records, income/banking information, and cultural preferences are all considered forms of personal data.

What Steps Can I Take To Become GDPR Compliant? 

There are many graphics and checklists that break down what you can do to comply with GDPR regulations. Here are a few steps you can take to start protecting your organization and your user's data:

1. Create awareness: Make sure your employees understand GDPR and why you are collecting the data.
2. Analyze personal data: Create and analyze a list of all sensitive data you manage, store, and process.
3. Review: Review your company’s privacy policy and update it regularly.
4. Rights: Understand what access rights your data subjects have and how those should be handled and updated.
5. Consent: Make sure customers consent to you processing and storing their data.
6. Data breaches: Implement a procedure for handling a data breach.
7. Impact assessments: Conduct impact assessments to help you minimize data protection risks.
8. Data Protection Officers (DPO): Determine whether you need a DPO to manage your data.

For full details and information on these regulations, please visit the GDPR website.